Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oscommerce oscommerce vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2012-1059
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote malicious users to inject arbitrary web script or HTML via the value_title parameter, as demonstrated using the "Front&q...
Oscommerce Online Merchant 3.0.2
1 EDB exploit
4
CVSSv2
CVE-2018-18964
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several extensions in which contained HTML can be executed, such as the svg extension.
Oscommerce Online Merchant 2.3.4.1
4
CVSSv2
CVE-2018-18965
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several alternative cases in which HTML can be executed, such as a file with no extensi...
Oscommerce Online Merchant 2.3.4.1
4
CVSSv2
CVE-2018-18966
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer render HTML elements in a .eml file.
Oscommerce Online Merchant 2.3.4.1
7.5
CVSSv2
CVE-2008-4765
SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote malicious users to execute arbitrary SQL commands via the pollID parameter in a results operation. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
Oscommerce Poll Booth 2.0
2 EDB exploits
10
CVSSv2
CVE-2009-2038
Unspecified vulnerability in the Finnish Bank Payment module 2.2 for osCommerce has unknown impact and attack vectors related to bank charges.
Oscommerce Finnish Bank Payment
7.5
CVSSv2
CVE-2007-1477
Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, since the cfg_language va...
Oscommerce Php Point Of Sale 1.1
NA
CVE-2024-4348
A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely. The exploit has be...
4.3
CVSSv2
CVE-2010-4947
Cross-site scripting (XSS) vulnerability in advanced_search_result.php in ALLPC 2.5 allows remote malicious users to inject arbitrary web script or HTML via the keywords parameter.
Allpcscript Allpc 2.5
1 EDB exploit
7.5
CVSSv2
CVE-2010-4946
SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote malicious users to execute arbitrary SQL commands via the products_id parameter.
Allpcscript Allpc 2.5
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »